Within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions related to data protection, the controller is:
Alpen Pharma Ltd
Jordan Josifov No. 6
Right of access
In accordance with Article 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have a right to access information about this personal data and to further information mentioned in Article 15 GDPR.
Right to rectification
In accordance with Article 16 GDPR, you have the right to request that we immediately rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have the right to request that we immediately erase personal data concerning you. We are obliged to erase personal data immediately, provided that the corresponding requirements of Article 17 GDPR are met. Please refer to Article 17 GDPR for details.
Right to restriction of processing
In accordance with Article 18 GDPR, under certain circumstances, you have the right to request that we restrict the processing of your personal data.
Right to data portability
In accordance with Article GDPR, you have the right to receive the personal data that you have provided us in a structured, common and machine-readable format, and you have the right to have us transfer this data to another controller without hindrance, provided that the processing is based on a declaration of consent pursuant to Article 6 (1) a) GDPR or Article 9 (2) a) GDPR which is based on a contract pursuant to Article 6 (1) b) GDPR and the processing is carried out by automated means.
Right of objection
In accordance with Article 21 GDPR, you have the right to object to the processing of personal data concerning you as based on Article 6 (1) e) or f) GDPR. This also applies to profiling based on these provisions.
If we process your personal data for direct marketing purposes, you have the right at any time to object to the processing of your personal data for the purposes of such marketing. This also applies to profiling insofar as it is associated with such direct marketing.
Right to lodge a complaint with a supervisory authority
In accordance with Article 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority. This right exists in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Invoke your rights
If you wish to exercise one of your rights, please contact us as the controller at the contact information indicated above or use any of the other forms we offer to communicate with us. If you have any queries, please contact us.
Server log files
When you visit our website, the company we use to operate the website processes and stores technical information about the terminal device used by you (operating system, screen resolution and other non-personal features) and about the browser (version, language settings), in particular the public IP address of the computer you use to visit our website, including the date and time of access. The IP address is a unique numeric address under which your terminal device sends/retrieves data to/from the Internet. Unless you share data that allows us to identify you while using our website, our service provider or we are generally unable to know to whom an IP address belongs. Furthermore, a user may be identified if legal action is taken against them (e.g. in the case of attacks on website) and we become aware of their identity during the investigation. As a rule, you need not worry about us being able to assign your IP address to you.
Our service provider uses the processed data in a non-personally identifiable manner for statistical purposes so that we can trace what kind of terminal devices, with which settings, are used to access our website, and then optimize them accordingly. These statistics do not contain any personally identifiable data. The legal basis for compiling the statistics is Article 6 (1) f) GDPR.
The IP address is further used so that you can technically access and use our website, and to detect and ward off attacks against our service provider or our website. Unfortunately, attacks designed to harm website operators or their users (e.g. to prevent access, spy on data, distribute malware [e.g. viruses], or for other unlawful purposes) are repeatedly carried out. Such attacks would impair the proper functioning of the data centre of the company we have commissioned, the use of our website or its features, and the security of visitors to our website. The IP address and the time of access are processed to ward off such attacks. By means of this processing, we – by way of our service provider – pursue the legitimate interest of ensuring the functionality of our website and preventing unlawful attacks against us and our website visitors. The legal basis for processing is Article 6 (1) f) GDPR.
The stored IP data is deleted (by means of anonymization) as soon as it is no longer required for the detection of or defence against an attack.
A cookie is a small text file that your browser stores on your computer when you access our website. If you re-visit our website later, we can read these cookies again. Cookies are stored for different periods of time. You may at any time configure which cookies your browser shall accept. This may, however, cause our website to no longer function properly. Furthermore, you can delete cookies yourself at any time. If you do not delete them, we can specify for how long a cookie is to be stored on your computer. Distinction is made here between so-called session cookies and persistent cookies. Session cookies are deleted by your browser when you leave our website or close the browser. Persistent cookies are stored for the period that we specify during the storage.
·Technically necessary cookies that are required for the use of the functions of our website (e.g. to identify that you have logged in). Certain functions cannot be provided without these cookies.
·Functional cookies that are used to technically perform certain functions that you want to use.
Most of the browsers used by our users allow us to configure which cookies are to be stored and make it possible to delete (certain) cookies. If you restrict the storage of cookies to certain websites or do not allow cookies from third-party websites, it may no longer be possible to make use of the full functionality of our website. Information on how to customize cookie settings for the most common browsers is available here:
·Google Chrome (support.google.com/chrome/answer/95647?hl=en)
·Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer…)
We are delighted by your interest in us and that you have applied or are applying for a position in our company. We would like to provide you with information concerning the processing of your personal data in connection with the application below.
We process the information you have provided us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our company) and to conduct the application process.
The legal basis for the processing of your personal data is the exercise of legitimate interests in accordance with Article 6 (1) f) GDPR. Our interest lies in conducting the application process and possibly in the assertion or defence against claims.
In the case of an application is rejected, the applicant’s data shall be deleted within 6 months.
If you have been accepted for a position during the application process, the data from the applicant data system will be transferred to our personnel information system.
In principle, your data shall only be provided to those persons in the company who require it for the proper execution of our application process.
Disclosure of data to third parties
In principle, we do not disclose the personal data communicated to us to third parties (i.e. especially not for advertising purposes).
For the operation of these Internet pages or for the provision of products / services, however, we work together with service providers (processors). It may happen that such service providers become aware of personal data. We carefully select our service providers – particularly with regard to data protection and data security – and take all measures required under data protection law for permissible data processing.
Data processing outside the EU
We ensure the appropriate level of data protection in the context of participation in the so-called Privacy Shield and the measures taken by the service provider for data protection and data security.
Introduction to Social Media
On our website, we offer social media content (such as Facebook, Youtube, etc.). In the context of the use of such content, your data may be forwarded to the providers of such content.
We would like to point out that user data may be processed outside the European Union. This can result in risks for the user since, for example, it could make it more difficult to enforce the rights of the user. With regard to US providers that are certified under the Privacy Shield, we would like to point out that by doing so they commit themselves to comply with the data protection standards of the EU.
We would also like to point out that if you use the contents of our providers, your data will be processed for market and advertising research purposes. This may result in specific advertising placement after you have used these social media services.
The processing of users’ personal data is carried out on the basis of our legitimate interests in the effective information of users and communication with users in accordance with Article 6 (1) f) GDPR.
If the users are requested by the respective providers of the platforms to consent to the aforementioned data processing, the legal basis for the processing is Article 6 (1) a), and Article 7 GDPR.
The possibility of an objection (Opt-out) is explained below for individual social media contents.
Facebook-Plugins (Like & Share-Button)
Our site uses social plugins (“plugins”) from facebook.com. Provider is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This plugin is used based on our legitimate interest in the analysis, improvement and economic operation of our business (Article 6 (1) f) GDPR.
The facebook plugin is easily recognizable by the typical signs such as logo, like-button or thumbs up sign.
When you click on a facebook button, a direct connection to facebook servers is established and at least the following information is transmitted: Information that you are on our website; assignment of your activity (e.g. “link”) to your facebook account.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European privacy laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Google Analytics analysis tool
Google Analytics allows us to compile usage statistics for our website, as well as demographic data on visitors and their user behaviour, in non-personally identifiable form. Statistics are also compiled to help us better understand how visitors find our site, so that we can improve our search engine optimisation and advertising efforts. This processing enables us to pursue the legitimate interest to be able to improve our website as well as our advertising measures (legal basis: Article 6 (1) f) GDPR).
You can find information on how to opt out of using Google Analytics at: https://tools.google.com/dlpage/gaoptout?hl=en.
Google is a member of the PrivacyShield Agreement and has entered into an order processing contract with us for Google Analytics. Pseudonymous data will be deleted after 14 months.
Google Adwords / Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
Within the framework of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and do not serve the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, AdWords customer do not receive any information that personally identifies users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your Internet browser under User Settings. They will then not be included in the conversion tracking statistics.
Conversion cookies” are stored on the basis of a legitimate interest in analysing user behaviour in order to optimise both the website and its advertising (legal basis: Article 6 (1) f) GDPR).
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Google Remarketing / Double Click
Our sites use Google Analytics Remarketing features in conjunction with the cross-device features of Google AdWords and Google DoubleClick. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This feature allows you to link advertising target groups created with Google Analytics Remarketing with the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one terminal (e.g. mobile phone) can also be displayed on another of your terminals (e.g. Tablet or PC).
If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.
You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/.
The data collected in your Google Account is only collected on the basis of your consent, which you can give or revoke at Google (Article 6 (1) a) GDPR). In the case of data collection processes that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the data collection is based on Article 6 (1) f) GDPR. The justified interest results from the fact that the website operator has an interest in the anonymous analysis of the website visitors for advertising purposes.
We have included YouTube videos on our website. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This plugin is used on the basis of our legitimate interest in the improvement and economic operation of our business (Article 6 (1) f) GDPR).
The playback of videos involves considerable amounts of data, especially when different visitors to the website are watching videos in parallel. Furthermore, the playback of videos is accelerated and thus their playback quality is improved if the videos are played from a server that is as close as possible to the visitor of the website. Due to the considerable technical effort involved, we cannot guarantee this ourselves. We have therefore integrated the videos via Youtube. The legal basis is Article 6 (1) f) GDPR.
Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European privacy laws: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
We have included videos in our online offer which are stored on http://www.flowplayer.com and can be played directly from our website. This processing is based on Article 6 (1) sentence 1 f) GDPR. We pursue with it our legitimate interest to increase your user experience and the optimization of our services. Flowplayer AB is based in Riddargatan 17B, 114 57, Stockholm, Sweden and is subject to the data protection law of the European Union.
By visiting the website, Flowplayer receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Flowplayer provides a user account that you are logged in to or whether no user account exists. If you are logged in to Flowplayer, your data will be directly assigned to your account. If you do not wish to be associated with your profile on Flowplayer, you must log out before visiting the website. Flowplayer stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Flowplayer to exercise this right.
If you subscribe to our e-mail newsletter, the data you provided for creating and sending the newsletter as well as for the proof of registration to our newsletter will be processed until you unsubscribe. The legal basis for processing is Article 6 (1) (a) GDPR. To send the newsletter, you must verify your consent by clicking on the confirmation link in the verification e-mail that we send to you after registering. By clicking on the corresponding link, we process the public IP address of the computer from which the link is activated together with the date and time of the click. We process this data in order to provide proof that you have confirmed the receipt of our e-mail newsletter.
The legal basis for processing is Article 6 (1) f) GDPR. Our legitimate interest in this is to fulfill our obligation to provide proof of your subscription.
You can revoke your consent at any time by unsubscribing from the newsletter. You will find a link at the end of each newsletter.
We delete your data once you unsubscribe from the newsletter. We delete the data, which we need as proof that you have agreed to having the newsletter sent to you, after the limitation period for the corresponding obligations to provide proof has expired.